Re: CSRF Token

<!--Force creation of a Session when the filter matches a path - this should only be used when you areconfident the filtered part of the web application is using an authentication mechanism that will avoidprotected pages being accessed until the user is authenticated. Otherwise this would be a route toa Session fixation attack.--><session>true</session>

<!--Properties that may be used inside the rest of the CSRFPolicy config to avoid repetition butalso making it possible to provide different values in different environments.I.e. Different "Referer" & "Origin" properties for test & production etc.Reference a property using "{propertyName}".--><properties>

<!-- There is normally no need to override this property --><token>alf-csrftoken</token>

<!--Override and set this property with a regexp that if you have placed Alfresco behind a proxy thatdoes not rewrite the Referer header.--><referer></referer>

<!--Override and set this property with a regexp that if you have placed Alfresco behind a proxy thatdoes not rewrite the Origin header.--><origin></origin></properties>

<!--Will be used and exposed to the client side code in Admin.CSRFUse the Admin.CSRF.getHeader() or Admin.CSRF.getParameter() with Admin.CSRF.getToken()to set the token in custom 3rd party code.--><client><cookie>{token}</cookie><header>{token}</header><parameter>{token}</parameter></client>

<!-- The first rule with a matching request will get its action invoked, the remaining rules will be ignored. --><filter>

<!--Verify that all remaining state changing requests contain a token in the header and correct referer & origin headersif available. We "catch" all content types since just setting it to "application/json.*" since a webscript that doesn'trequire a json request body otherwise would be successfully executed using i.e."text/plain".--><!-- <rule><request><method>POST|PUT|DELETE</method></request><action name="assertToken"><param name="session">{token}</param><param name="header">{token}</param></action><action name="assertReferer"><param name="referer">{referer}</param></action><action name="assertOrigin"><param name="origin">{origin}</param></action></rule> --></filter>

</config>

this is my share config.after this code every where in upload api csrf token is getting null.so i cant use inbuilt upload functionality and also get error in my custom upload api too.

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.